Skip Links

Do you know your cyberthreats?

Cybersecurity threats 101

By , Network World
January 09, 2012 03:18 PM ET

Network World - The watchdogs at the Government Accountability Office this week issued a report that takes a look at what information, or guidance as they call it, is available to help government agencies and public sector companies bulk up their cybersecurity efforts.

Since a GAO report late last year showed reports of security incidents from federal agencies have increased more than 650% over the past five years, the need for a community of help on the cybersecurity front is needed.

MORE ON SECURITY: IRS: Top 10 things every taxpayer should know about identity theft

Inside the current report, the GAO included a list and definitions of some of the more common, and perhaps some not-so-common, security exploits that federal agencies and private firms are hit with. Here's the list:

Cross-site scripting: An attack that uses third-party web resources to run script within the victim's web browser or scriptable application. This occurs when a browser visits a malicious website or clicks a malicious link. The most dangerous consequences occur when this method is used to exploit additional vulnerabilities that may permit an attacker to steal cookies (data exchanged between a web server and a browser), log key strokes, capture screen shots, discover and collect network information, and remotely access and control the victim's machine.

Denial-of-service: An attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources.

Distributed denial-of-service: A variant of the denial-of-service attack that uses numerous hosts to perform the attack.

Logic bomb: A piece of programming code intentionally inserted into a software system that will cause a malicious function to occur when one or more specified conditions are met.

Phishing: A digital form of social engineering that uses authentic-looking -- but fake -- e-mails to request information from users or direct them to a fake website that requests information.

Passive wiretapping: The monitoring or recording of data, such as passwords transmitted in clear text, while they are being transmitted over a communications link. This is done without altering or affecting the data.

SQL injection: An attack that involves the alteration of a database search in a web-based application, which can be used to obtain unauthorized access to sensitive information in a database.

Trojan horse: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms by, for example, masquerading as a useful program that a user would likely execute.

Virus: A computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk. Unlike a computer worm, a virus requires human involvement (usually unwitting) to propagate.

War driving: The method of driving through cities and neighborhoods with a wireless-equipped computer -- sometimes with a powerful antenna -- searching for unsecured wireless networks.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News